Abstract: Examples are generally directed towards disabling features using a feature toggle associated with an application programming interface (API). A server receives an API request including one or more elements. An element is associated with a set of features. If a feature state of every feature within the set of features is an enabled feature state, the element state is an enabled element state and the request is validated. The validated request is executed and a response to the request is returned to the client. If at least one feature state of at least one feature within the set of features is a disabled feature state or a hidden feature state, the element state is a disabled element state and the request is invalided. The invalidated request is rejected and an error message is returned to the client.

Abstract: A communication server, interacting with an organization system having users that wish to communicate securely, provides secure communication capability to the users, without the communication server itself having access to unencrypted content of the user communications or to cryptographic keys that would allow the communication server to derive the unencrypted content. Thus, the communication server that provides the secure communication capability need not itself be trusted by the users with access to communicated content. To achieve this, the various entities communicate to exchange cryptographic keys in such a manner that the communication server never obtains usable copies of the cryptographic keys.

Abstract: A random value generator is provided that comprises a carbon nanotube structure that generates a random output current in response to a voltage input. The random value generator includes a random value output circuit coupled to the carbon nanotube structure that receives the random output current from the carbon nanotube structure and generates a random output value based on the received random output current from the carbon nanotube structure.

Abstract: When data is stored for a significant amount of time or is transmitted through a noisy environment, it is not uncommon for pieces of that data to be lost or degraded. The disclosed method provides users with a new way of generating and then storing data to provide for easy recovery of said data when pieces of data are lost during storage or during transmission. Unlike the present art, which requires users to store or transmit redundant data, this method does not require redundancy. By removing that redundancy, space-costs of storing data can be reduced.

Abstract: Techniques for managing privacy of a network communication may be realized as a computer-implemented system, including one or more processors that store instructions, and one or more computer processors that execute the instructions to receive a first network communication, extract information from the first network communication, identify a privacy rule based on the information, generate a second network communication based on the first network communication and the privacy rule, and cause the second network communication to be sent.

Abstract: A biometric authentication system is disclosed that provides authentication capability using biometric data in connection with a challenge for parties engaging in digital communications such as digital text-oriented, interactive digital communications. End-user systems may be coupled to devices that include biometric data capture devices such as retina scanners, fingerprint recorders, cameras, microphones, ear scanners, DNA profilers, etc., so that biometric data of a communicating party may be captured and used for authentication purposes.

Abstract: Various embodiments provide techniques and devices for implementing a self-described security model for sharing secure resources between secure applications. In some examples, a trustlet can include a self-described policy defining capabilities of the trustlet and/or membership in a scenario group managed by a signing authority. Further, the trustlet can include a code signature signed by the signing authority. Additionally, a proxy kernel can allow the trustlet to share application data with other trustlets in the scenario group based on the policy and the code signature without exposing the application data to compromised system software and/or unauthorized applications.

Abstract: Aspects of the subject disclosure may include, for example, a process that includes receiving first input defining a relationship between first and second entities, generating a first rule based on the first input, wherein the first rule determines accessibility of a networked service, and associating the first rule with the relationship. The first rule modifies settings of a service management infrastructure to effectuate the first rule in accordance with the relationship, wherein the service management infrastructure provides access to the networked service based on the accessibility. Other embodiments are disclosed.

Abstract: A Montgomery modular multiplication device and an embedded security chip. The Montgomery modular multiplication device includes a first Montgomery modular multiplication module, a power calculation module and a second Montgomery modular multiplication module. The first Montgomery modular multiplication module obtains a first operation result A according to two first preset parameters. The power calculation module obtains a second operation result B according to the first operation result A output by the first Montgomery modular multiplication module, the first preset parameters, the second preset parameter and a power calculation function. The first Montgomery modular multiplication module further obtains a Montgomery modular multiplication conversion coefficient according to the first operation result A and the second operation result B.

Abstract: A method of operating a distributed storage system includes receiving, at data processing hardware of the distributed storage system, a customer-supplied encryption key from a customer device (i.e., a client). The customer-supplied encryption key is associated with wrapped persistent encryption keys for encrypted resources of the distributed storage system. The wrapped persistent encryption keys are stored on one or more non-volatile memory hosts of the distributed storage system. The method also includes unwrapping, by the data processing hardware, a wrapped persistent encryption key that corresponds to a requested encrypted resource using the customer-supplied encryption key. The unwrapped persistent encryption key is configured to decrypt the requested encrypted resource. The method further includes decrypting, by the data processing hardware, the requested encrypted resource using the corresponding unwrapped persistent encryption key.

Abstract: A method for authenticating a user for performing a transaction comprises receiving unique knowledge of the user such as photoauthentication, and receiving a hardware profile associated with the user. The unique knowledge and the hardware profile are compared against previously stored data representing unique knowledge of the user and a hardware profile associated with the user. If both the received data representing the unique knowledge of the user and the received hardware profile are authenticated, the transaction is allowed to go forward.

Abstract: An apparatus, computer-readable medium and computer-implemented method for masking data, including applying an irreversible function to a first data element to generate a derivative data element, the first data element being of a first data type and the derivative data element being of a second data type different than the first data type, selecting at least a portion of the derivative data element to serve as a template, generating a masked data element as the result of converting the template from the second data type to the first data type.

Abstract: The invention is a system allowing for the commercial rental of physical assets that are locked and secured at specific locations, including, without limitation, bicycles, motorcycles, automobiles, tools, machines, computers, smart phones, or tablet computers.

Abstract: Disclosed are various approaches for providing authentication of a user and a client device. A user's credentials can be authenticated by an identity provider. In addition, a device posture assessment that analyzes the device from which the authentication request originates is also performed. An authentication request can be authenticated based upon whether the device posture assessment reveals that device to be a managed device that is in compliance with compliance rules.

Abstract: In an embodiment of the invention, a method of classifying a data object includes: scanning the data object; evaluating contents of data objects base on at least one selected rule; and generating a digital DNA sequence that classifies at least some contents in the data object.

Abstract: Technologies for multi-factor authentication of a user include a computing device with one or more sensors. The computing device may authenticate the user by analyzing biometric and/or environmental sensor data to determine whether to allow the user access to a computing device. To do so, the computing device may determine reliability scores based on the environment during authentication for each biometric authentication factor used to authenticate the user. Additionally, the computing device may determine a login pattern based on sensor data collected during historical authentication attempts by the user over a period of time. The computing device may apply a machine-learning classification algorithm to determine classification rules, based on the login pattern, applied by the computing device to determine whether to allow the user access to the computing device. Other embodiments are described herein and claimed.

Abstract: In a computer-implemented method for integrating a file system of a virtual machine into a native file explorer of a client system, a virtualization infrastructure that manages at least one virtual machine is accessed. The virtual machine is discovered. The file system of virtual machine is accessed. The file system of virtual machines is integrated with the native file explorer of the client system.

Abstract: A working method of a dynamic token, including the steps of grouping, by the dynamic token, the second hash data to obtain a plurality of byte groups, transforming respective byte groups into corresponding binary data by shifting and combining the bytes contained in respective byte groups; performing modulo operation on a first preset value by using sum of all the binary data obtained by transforming to a modulo result, performing modulo operation on a second preset value by using the obtained modulo result so as to obtain the first bit interception result. According to this working method, on the basis of different purpose codes, an authentication server authenticates the dynamic passwords applicable to each application scenarios, reducing the risk of keys used for generating dynamic passwords being stolen, improving the security of a token authentication system.

Abstract: Methods and systems for monitoring, analyzing and acting upon voice calls in communication networks. An identification system receives monitored voice calls that are conducted in a communication network. Some of the monitored voice calls may be conducted by target individuals who are predefined as suspects. In order to maintain user privacy, the system selects and retains only voice calls that are suspected of being conducted by predefined targets. The techniques disclosed herein are particularly advantageous in scenarios where the network identifiers of the terminal used by the target are not known, or where the target uses public communication devices. In accordance with the disclosure, context-based identifiers such as speaker recognition or keyword matching are used.

Abstract: Generally described, aspects of the present disclosure relate to for managing the configuration and security policies of hosted virtual machine networks. Hosted virtual machine networks are configured in a manner such that a virtual machine manager component can establish service manifests that correspond to information required by the virtual machine network from a user/customer. The virtual machine manager component can also publish in the service manifests contractual information, such as security risk assessments, that are deemed to have been provided and accepted by the user/customer in instantiating virtual machine networks. If the processed service manifest information remains valid, a substrate network process requests or independently instantiate services or components in accordance with the configuration information and security risk information included in the processed service manifest.